In response to the news that Cisco has uncovered a new phishing attack that uses clever targeting and filter avoidance to achieve a higher success rate than most campaigns, and that sends multiple emails within a small time window (around 90 minutes), making it a more complex threat to detect, Mark Sparshott, EMEA director, Proofpoint, writes:
“This attack used variations around ‘Order Confirmations’ as the lure to dupe the recipients into opening the malicious Microsoft Word document attached to the email. Proofpoint’s Human Factor shows how lucrative these targeted phishing attacks can be for cybercriminals, with most campaigns achieving a 1-in-10 success rate.
The most successful email lures are Social Networking (preying on the human desire for social interaction and belonging), Financial Account Warnings and Order Confirmations (preying on the desire for financial stability) and Breaking News Stories (preying on human curiosity and compassion). However, fake LinkedIn Invitations are by far the most dangerous, achieving a success rate 4x that of any other type of email lure. More often than not these emails don't contain an attachment, just a link to malware hosted on a legitimate website, like Dropbox in this case.
Proofpoint’s advice to people is to ‘think before you click’ on links or attachments in these types of emails, especially if they are unsolicited. This is especially true for order confirmations sent as a Word document, because legitimate order confirmation details tend to be sent to businesses as a PDF or are just included within the text of the emails sent to consumers.”